Comments for Security Notes from All Over: Israeli Airport Security Questioning
A blog covering security and security technology.

Comment from DHofmann on 2005-12-28
Here's a USA Today article about how some airports are using what they call "behavior detection" (observing people's behavior and engaging them in conversation) to identify potential lawbreakers:

But the article notes that the danger of screening people this way is that it can lead to racial profiling.

Comment from Bill on 2005-11-28
A defender does not necessarily need to defend against all possible attacks that an attacker would level if the defender has effective intelligence capabilities. Furthermore, I may leave some low impact targets open or even create fake targets to draw out an attacker.

Comment from jayh on 2004-12-22
Actually those 'honesty test' exams (referenced in earlier post) are largely unvalidated and questionable in scientific research. The success numbers they quote are generally from 'proprietary research', companies selling those profiles are notoriously reticent to allow them to actually be openly tested.

There is no scientifically vetted reason to assume any of those 'trick' questions consistently work.

Comment from Anonymous on 2004-12-17
It is an appalling thought to reverse the odds of attacker and defender. It is true that in the "classical" mode the attacker has to find only one weak spot in the defence. Alas, reversing the sides doesn't mean that the attacker (now the security personnel) has to find only one weak spot in the defence (of the terrorists) but ALL weak spots. This is another game and almost impossible. Even if the possibility of not detecting a potential threat is 1:1000 you need only 100 attempts to break through with a 10% probability. With 1000 tries you get through with a probability of two thirds. You just have to saturate the system and one lucky or in this case unlucky shot is sufficient. Nevertheless the system the Israelis use is better than a solely passive system because it is for a potential attacker a kind of "moving target". I would compare it with what the military calls forward defence. But it is still defence.

Comment from Bruce Schneier (http://www.schneier.com) on 2004-12-15
There have been a few good comments here. It's true that this system requires trained professionals to administer, and that the efficacy of the system depends on the integrity of those trained professionals.

I think that's true for quite a lot of security.

Comment from Mauerspecht on 2004-12-15
This reminds me of an oral test in computer science at the university.
I guess I annoyed the teacher too much by asking questions and pointing to errors he made during the three-semester lecture, so he got his revenge at the test.

He started asking questions all over the lecture, interrupting me after the first sentence whenever I showed confidence with the material.

After a few minutes he found a topic where I only had rough knowledge and spent most of the remaining time to drill down, exploring how weak my knowledge of this topic was.

Obviously I failed the test.

I am sure that even the best students from this class would have failed if they had been treated this way, but of course they were allowed to speak long on topics they were good at.

I am sure you can let anybody 'fail' when digging deep enough, it is up to the integrity of the questioner to keep the false positive rate low.

Comment from john kelsey on 2004-12-15
There are two interesting points here:

a. This raises the cost of coming up with a cover story that's radically different than your own. If I needed a cover story, I'd pretty much have to make one very closely related to my real life, so this probably makes it harder to pass yourself off as a businessman when you're really an unemployed, perpetual grad student, for example.

b. I wonder if it wouldn't be pretty hard on you to talk about all the fun things you'd like to be doing when you got off the plane, when you really planned to blow the plane up in mid-flight. "Well, I'll go see my Mom and Dad in Ramallah, then go hang out with all my old friends,..." Maybe this kind of stress would be noticeable. (Though I honestly don't have any sense of the state of mind you need to be in to plan on blowing yourself up.)

--John

Comment from Clive Robinson on 2004-12-15
The problem with the approach is exactly the same as that for the use of lie detectors, it's at best unreliable, and needs well trained staff.

Certain groups of people (psychopaths being one) show no signs of stress when telling either a lie or the truth, and the process does not work.

Also there is a well known method of dealing with false story detection that involves manipulating the questioner. Put very very simply you use the old salesman's trick of "back questioning" and "conversational hijacking" allied with "affability" and "affront". When asked a question you turn it back into a question on the questioner, for instance when asked about particulars of your trip at some point it will get down to specifics such as eating out etc you might say "We are going to an Italian restaurant, do you like Italian food" this leaves the questioner open as they will try not to be rude (as this will close you down) so they might say "yes","no","sometimes" at which point you can say "Is it the pasta or the sauce you like", "Oh that's a shame why not" etc. You end up leading the questioner off target, they have to try to get back on target the roles start to become reversed.

Without terminating the interview there are only two ways out of this for the questioner, be rude, or try to stay on track.

Being rude is counter productive, you can easily get upset in an affable way which again takes their line of questioning off or you start complaining and asking to speak to somebody about their behaviour. The questioner has to be very skilled to stay on track and remember sufficient detail to setup verbal traps etc.

Like beating lie detectors it is something you can be trained to do very effectively whilst still remaining convincingly safe.

Comment from Francois Kashy on 2004-12-15
It's a good idea. The interviewers should be trained to recognize certain anomalies in behavior or story. It's like the trick questions on a psychological exam. "Do you ever get angry?" Any normal honest person will answer yes. Someone trying to hide something would say no. A series of questions like that can be very revealing. Any ordinary person may have perfectly valid reasons for saying "I don't know where we're going Thursday" or "That information is classified." What terrorist would risk giving answers like that? Now, if someone has an answer to every single question, that should be a red flag.

Comment from john (http://www.ripserve.com/perkins/) on 2004-12-15
Israeli airport security has changed over the past 6 months. I left Israel in September this year, through the old airport terminal. It took me an hour and a half to go through security, 2 staff were asking me the old, where did you go, who did you see questions. I'm used to it now, I'm a journalist, I've been to Syria, I've been staying in Nablus, these guys are just doing their jobs. A Syrian visa sets off alarm bells, and I've had 3 hour sessions before. At least they aren't shooting at me. (Let's not get into the number of civilian deaths caused by Israeli counter-terror.) But now, late November, they have a new terminal building. I was through security in 15 minutes. I have the same incriminating visas in my passport, I've been staying in the same places, my equipment is the same. The only visible changes are new x-ray machines, and fewer staff. I don't think this is atypical of the new setup, a friend got through in about the same amount of time, even though she's married to a Palestinian refugee. Either they're getting lax, or they have a weird new technique.

Comment from Joe Huffman (http://blog.joehuffman.org) on 2004-12-15
There are valid reasons for not telling anyone who you are visiting at your destination. Nearly all of my "customers" (I'm a researcher at a national laboratory) are classified. When I visit them I can only tell my wife what city I am going to and what hotel I'm staying in. My specific business and who I am visiting are given only to those with a "need to know" which tends to be a very small group of people. Presumably there would be a way to check out my claim that I have a security clearance and my employer (the lab) would be able to validate my claims sufficiently to get me past my interrogator.

I think this idea could go a long way towards ridding us of those pointless searches.

Comment from Wilson (http://www.netwhatever.com/weblog/random/) on 2004-12-14
I went through the screening process to get into Israel a few years ago, in late 1999. It was a "quiet" period for terrorism, but the interview process was quite long. And it happened at the departure gate, in Spain, and not at the arrival (it was an El-Al flight).

I was asked for the whole story behind the trip: why I was going through Spain (I had departed from Brazil, there are no direct flights), why I had Spanish phone numbers in my PDA (my company's headquarters were in Madrid), was anyone in Israel expecting me (yes, a software company), were they listed in the Yellow Pages (how should I know?), why did I have a CD-R labeled as "Windows 95" with me (to test their software with the Brazilian version of Windows) and so on.

They even "borrowed" my PDA for a few minutes and called people in Spain and Israel to check my story.

Needless to say, I wasn't a terrorist and was allowed through. I felt very nervous during the whole process, though; it's not comfortable at all.

And, to top things, they misplaced my bag. It was delivered to my hotel three days later...

Comment from Bonzo on 2004-12-14
Say a passenger decides to lie to the interviewer - but not because he is a terrorist. He might be flying to see his mistress, but certainly wouldn't want to reveal that he is cheating on his wife. His lying would put on him suspicion of terrorism nevertheless.
This interview tactic seems like it could be all too easily abused as a violation of privacy. Is the passenger required to answer the questions? What kind of questions are allowed to be asked of him?
In general, I'm not sure this Airport Gestapo is the best way to secure planes.

Comment from Davi Ottenheimer on 2004-12-14
Yes, well, this was my point when I responded to your post on the TSA (http://www.schneier.com/blog/archives/2004/12/airline_securit.html)

Israeli Security is efficient in the way it handles traffic load, yet it seems to be reasonably effective in maintaining security in the face of constant attack. In fact, I have been amazed over the years at how quickly some are whisked through ElAl security, while others are detained or removed.

Comment from tjs on 2004-12-14
A novel approach at resolving a new dynamic on an old problem. How could we apply similar principles to the electronic realm? It seems that the key principle is the role reversal whereby the malicious 'attackers' get put into the role of the 'defenders', the analogy tends to break down when we start to talk about packets instead of people.

As an aside, I strongly believe that the industry needs to find ways to solve security problems without infringing on privacy. What if I had a valid reason not to give my story to an airport worker? The privacy/security tradeoff is not acceptable by principle- as it will only continue to emphasize the dangerous precedence that the industry has been setting, eroding civil liberties in the name of security; be it digital or analog.

tjs

Comment from This is not my name (http://this_is_not_my_url.com) on 2004-12-14
One thing to remember is that it is not the answers alone which are being judged, but also the way the answers are given. If the passenger with a memorized story all of a sudden has to start making things up, he will likely give clues to that which a trained examiner will pick up. So this technique will only work well in the context of "Behavioral screening."

Comment from James Mastros on 2004-12-14
On the other hand, what about the woman (Alice) who is legitimately planning on going to Israel, meeting a she knows there (Bob), and then hanging out with him, and letting him take her on touristy trips and such of his choosing. She gets to a point where her story ends, and she doesn't know what she's going to do.

"I'm meeting my boyfriend, Bob, at the airport. Well, I was supposed to, several hours ago, when I landed. I don't remember his address or phone number -- they're in my purse, but you took that. I'm not sure what we were going to do -- he was going to take me to dinner -- I think he said an Italian place?"

"Well, that's very convenient, Alice. You can't answer our questions, so we can't judge your answers. Very convenient. Boys, take her away!"

PS -- Counseling us to lie about our name and email address if they are required for no good reason, and then requiring them for no good reason, is a nice touch.

Comment from Kieran on 2004-12-14
I would have thought a simple defence (on the bad guy's part) against this would simply be to have an "open" reason to be travelling as well as the "hidden" one, which essentially means just having a much better cover identity (or even a cover "life").

It's often said, after all, that the key to a good lie is that it's very close to the truth.

Comment from M on 2004-12-14
I think you've identified a key dynamic, and we need to find more opportunities to turn this dynamic in our favor, e.g., push the problem upstream into the adversary's planning and staging phases or lure the adversary to a honey pot. I suspect there are some generalizable, reusable patterns here that a little thought and gaming would reveal.